
RFC 2119

RFC 2119 is an IETF Request for Comments, available in its entirety from ietf.org, that specifies how to use certain words in specifications, typically of protocols. These words are applicable to organization protocols as well.

The word "must", or less desirably the terms "required" or "shall", "mean that the definition is an absolute requirement of the specification." The phrase "must not", or less desirably "shall not", means that "the definition is an absolute prohibition of the specification."

"Should", or less desirably the adjective "recommended", "mean that there may exist valid reasons in particular circumstances to ignore a particular item, but the full implications must be understood and carefully weighed before choosing a different course." The phrase "should not", or less desirably the phrase "not recommended", "mean that there may exist valid reasons in particular circumstances when the particular behavior is acceptable or even useful, but the full implications should be understood and the case carefully weighed before implementing any behavior described with this label."

The word "may", or less desirably the adjective "optional", means "that an item is truly optional. One vendor may choose to include the item because a particular marketplace requires it or because the vendor feels that it enhances the product while another vendor may omit the same item. An implementation which does not include a particular option MUST be prepared to interoperate with another implementation which does include the option, though perhaps with reduced functionality. In the same vein an implementation which does include a particular option MUST be prepared to interoperate with another implementation which does not include the option (except, of course, for the feature the option provides)." The IETF style is to capitalize any use of the RFC 2119 imperative words.

Any imperatives of this type "MUST be used with care and sparingly. In particular, they MUST only be used where it is actually required for interoperation or to limit behavior which has potential for causing harm (e.g., limiting retransmissions). For example, they must not be used to try to impose a particular method on implementors where the method is not required for interoperability."

Since these terms are frequently used to specify behavior with computer security implications, "the effects on security of not implementing a MUST or SHOULD, or doing something the specification says MUST NOT or SHOULD NOT be done may be very subtle. Document authors should take the time to elaborate the security implications of not following recommendations or requirements as most implementors will not have had the benefit of the experience and discussion that produced the specification." With respect to organization protocols, such explanations reduce the tendency to waste ECG Master time explaining their implications case by case.
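When reviewing a specification for security-relevant requirements, it helps to pull out every sentence that carries one of these words, classify it by the levels described above, and flag uses that are not capitalized and so may not be intended as normative. The following is an added example, not part of RFC 2119 or of the original page; the function name, the level labels as dictionary values, and the sample text are constructed for illustration.

```python
import re

# Requirement levels as described on this page, keyed by RFC 2119 keyword.
LEVELS = {
    "MUST": "absolute requirement", "REQUIRED": "absolute requirement",
    "SHALL": "absolute requirement",
    "MUST NOT": "absolute prohibition", "SHALL NOT": "absolute prohibition",
    "SHOULD": "recommended", "RECOMMENDED": "recommended",
    "SHOULD NOT": "not recommended", "NOT RECOMMENDED": "not recommended",
    "MAY": "optional", "OPTIONAL": "optional",
}

# Longest phrases first so "MUST NOT" is not read as "MUST", and
# "NOT RECOMMENDED" is not read as "RECOMMENDED".
_ALTS = "|".join(k.replace(" ", r"\s+")
                 for k in sorted(LEVELS, key=len, reverse=True))
KEYWORD_RE = re.compile(r"\b(" + _ALTS + r")\b", re.IGNORECASE)

SAMPLE_SPEC = (  # constructed sample text, not from any real specification
    "A client MUST validate the server certificate. "
    "A server MUST NOT accept an expired token. "
    "Implementations SHOULD log failed logins. "
    "Operators should rotate keys yearly. "
    "A client MAY cache the response."
)

def extract_requirements(text):
    """Return one finding per keyword occurrence in `text`."""
    findings = []
    for sentence in re.split(r"(?<=[.!?])\s+", text.strip()):
        for m in KEYWORD_RE.finditer(sentence):
            raw = m.group(1)
            keyword = " ".join(raw.upper().split())
            findings.append({
                "keyword": keyword,
                "level": LEVELS[keyword],
                # IETF style capitalizes the imperative words; a lowercase
                # use is ambiguous and is flagged for the author to resolve.
                "normative": raw == raw.upper(),
                "sentence": sentence,
            })
    return findings

if __name__ == "__main__":
    for f in extract_requirements(SAMPLE_SPEC):
        flag = "" if f["normative"] else "  <-- not capitalized, ambiguous"
        print(f'{f["keyword"]:<9} {f["level"]:<21} {f["sentence"]}{flag}')
```
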
